How to give a user sudo privileges: Add User to “sudoers” File (repost)
2011-03-29 14:40
Add User to “sudoers” File
Filed under: Linux, ubuntu — Tags: sudo, sudoers file — Benaiah @ 10:17 am
To give a user the ability to use the “sudo” command you must add them to the “sudoers” file. Here’s how.
Thanks to ubuntucat (see comment below) for the following suggestion! The easiest way to allow a user to sudo is to simply run the following command from the Terminal:
To open the Terminal:
Applications >> Accessories >> Terminal
Once the Terminal is open type:
sudo adduser username admin
This must be done from an account that already has sudo abilities or else from the root account.
If for some reason you have to manually edit the “sudoers” file keep reading!
Open the file “sudoers” located at /etc/sudoers using your favorite text editor. You must have root permissions to be able to edit this file so you will want to open your editor from the command line.
To use gedit you would do the following:
Open the Terminal and type:
sudo gedit /etc/sudoers
If you want to use vim you can simply enter the following into the Terminal:
sudo visudo
Once you have the sudoers file open, scroll down to the line:
root ALL = (ALL) ALL
Add the following line below the root line (replacing “user” with the name of the account you wish to give sudo access to):
user ALL = (ALL) ALL
Save and close the file. The new user has now been added to the “sudoers” file and can use the “sudo” command.
Another article:
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.
Debian’s sudo package has the password timeout set to 15 minutes. This means that when you first enter your password, as long as you don’t wait more than 15 minutes between sudo commands, you won’t have to enter it again. The password timeout can be immediately expired with sudo -k.
Debian’s sudo is compiled with
--with-exempt=sudo
--with-secure-path=”/usr/local/sbin:/usr/local/bin:/usr/sbin:
As a consequence, the PATH of the user is ignored except if the user is in group sudo.
Installing SUDO in Debian
# apt-get install sudo
This will complete the installation of sudo.
SUDO Configuration file is /etc/sudoers
The default sudoers file looks like this:
# /etc/sudoers
#
# This file MUST be edited with the ‘visudo’ command as root.
#
# See the man page for details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
Only the last line is active at this point (the others are comments); it means that the root user can run any command.
If you want to allow a particular user to run any command, add the following line to the /etc/sudoers file:
#vi /etc/sudoers
add the following line
user ALL=(ALL) ALL
Here, user is the username.
To run one command as root
sudo command
For more commands, run your shell with sudo.
sudo sh (if sh is your shell.)
Be careful when you are root. When you are done, type exit
SUDO Configuration examples
# User alias specification
User_Alias ADMINS = user1, user2, user3
User_Alias WEBMASTERS = user4, user5, user6
# command alias specification
Cmnd_Alias APACHE = /usr/local/sbin/kickapache
Cmnd_Alias TAIL = /usr/bin/tail
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias APT = /usr/bin/apt-get, /usr/bin/dpkg
# privileges
root ALL = (ALL) ALL
WEBMASTERS ALL = PASSWD : APACHE, TAIL
admin ALL = NOPASSWD : /etc/init.d/apache
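As an added example (not from the original article), the shell function below checks sudoers-style text against the "as few privileges as possible" philosophy by listing rules that grant ALL commands, NOPASSWD, or an interactive shell. The function names, the ROOTSHELL alias and the ops user are hypothetical, and the parser is simplified (no line continuations or include files).

```shell
#!/bin/sh
# Added example: list broad grants in sudoers-style text read from stdin.
audit_sudoers() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function check(who, c) {
      sub(/[ \t].*$/, "", c)                 # keep the program path only
      if (c == "ALL") print who ": may run ANY command"
      else if (c ~ /\/(ba|da|k|z|c|tc)?sh$/) print who ": shell via " c
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]*Cmnd_Alias[ \t]/ {               # remember command aliases
      name = $2; sub(/=.*/, "", name)
      alias[name] = substr($0, index($0, "=") + 1)
      next
    }
    /^[ \t]*(User_Alias|Host_Alias|Runas_Alias|Defaults)/ { next }
    {
      eq = index($0, "="); if (eq == 0) next
      who = $1; spec = substr($0, eq + 1)
      if (spec ~ /NOPASSWD[ \t]*:/) print who ": NOPASSWD (no password prompt)"
      gsub(/\([^)]*\)/, "", spec)            # drop the (runas) part
      gsub(/[A-Z_]+[ \t]*:/, "", spec)       # drop tags such as PASSWD:
      n = split(spec, item, ",")
      for (i = 1; i <= n; i++) {
        c = trim(item[i])
        if (c in alias) c = alias[c]         # expand one Cmnd_Alias level
        m = split(c, cmd, ",")
        for (j = 1; j <= m; j++) check(who, trim(cmd[j]))
      }
    }
  '
}

# Constructed sample: rules from this page plus a hypothetical "ops" entry.
sample_sudoers() {
  cat <<'EOF'
User_Alias WEBMASTERS = user4, user5, user6
Cmnd_Alias APACHE = /usr/local/sbin/kickapache
Cmnd_Alias TAIL = /usr/bin/tail
Cmnd_Alias ROOTSHELL = /bin/sh, /bin/bash
root ALL = (ALL) ALL
user ALL = (ALL) ALL
WEBMASTERS ALL = PASSWD : APACHE, TAIL
admin ALL = NOPASSWD : /etc/init.d/apache
ops ALL = ROOTSHELL
EOF
}
sample_sudoers | audit_sudoers
```

The WEBMASTERS rule produces no finding because it is limited to two named commands and keeps the password prompt.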
Running Commands Using SUDO
To get a file listing of an unreadable directory
$ sudo ls /usr/local/protected
To list the home directory of user test on a machine where the file system holding ~test is not exported as root
$ sudo -u test ls ~test
To edit the index.html file as user www:data
$ sudo -u www:data vi ~www/htdocs/index.html
To shut down a machine:
$ sudo shutdown -r +15 "quick reboot"
To make a usage listing of the directories in the /home partition. Note that this runs the commands in a sub-shell to make the cd and file redirection work.
$ sudo sh -c "cd /home ; du -s * | sort -rn > USAGE"
For more sudo options, check the sudo man page.
Using Rootsh with SUDO
One more nice tool to use with sudo is rootsh.
Download and install rootsh
Rootsh is a wrapper for shells which logs all echoed keystrokes and terminal output to a file and/or to syslog. Its main purpose is the auditing of users who need a shell with root privileges. They start rootsh through the sudo mechanism.
Start a shell with logging of input/output. Rootsh must be started via sudo if you want to become root. It does not raise your privileges on its own. You can run rootsh as a standalone application if you only want to log your own user’s session. If you call rootsh with additional commands, these will be passed to the shell.
You can create an entry in /etc/sudoers file
trusted_user host_or_ALL = /bin/rootsh
Rootsh Syntax
rootsh [OPTION]… [--] [COMMANDS]
$ sudo rootsh
The user should then see himself in a root shell, as if he had typed “su -” or “sudo -s”.
The main advantage of this is that everything the user types will be sent to syslog. So if he tries to access some secure files on the server, you can catch him using the log files from your syslog server.
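Without rootsh, sudo's own syslog entry records only the command that started a shell, not what is typed inside it. The added example below (not part of the original article) scans sudo log lines for such shell launches so they can be reviewed; the log lines, the host name web01 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report accepted sudo entries that started a shell.
find_sudo_shells() {
  awk '
    match($0, / sudo(\[[0-9]+\])?:[ \t]*/) && /COMMAND=/ {
      line = substr($0, RSTART + RLENGTH)
      # Accepted commands look like "user : TTY=..."; denials carry text
      # such as "user NOT in sudoers" before TTY= and are skipped here.
      if (line !~ /^[^ \t]+ : TTY=/) next
      user = line; sub(/ .*$/, "", user)
      runas = substr(line, index(line, " ; USER=") + 8); sub(/ ;.*$/, "", runas)
      # COMMAND= is the last field; the command may itself contain " ; ".
      cmd = substr(line, index(line, "COMMAND=") + 8)
      prog = cmd; sub(/ .*$/, "", prog)
      args = substr(cmd, length(prog) + 2)
      if (prog !~ /\/(su|(ba|da|k|z|c|tc)?sh)$/) next
      if (args ~ /^-c( |$)/) next   # sh -c "...": the command text is logged
      print user " as " runas ": " cmd
    }
  '
}

# Constructed sample log. /bin/rootsh is not reported because rootsh
# sessions are themselves logged.
sample_sudo_log() {
  cat <<'EOF'
Mar 29 14:40:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls /usr/local/protected
Mar 29 14:41:07 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/sh
Mar 29 14:41:07 web01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Mar 29 14:45:30 web01 sudo:      bob : TTY=pts/1 ; PWD=/home ; USER=root ; COMMAND=/bin/sh -c cd /home ; du -s * | sort -rn > USAGE
Mar 29 14:50:12 web01 sudo:    carol : TTY=pts/2 ; PWD=/home/carol ; USER=oracle ; COMMAND=/bin/bash
Mar 29 14:52:44 web01 sudo:     dave : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/bash
Mar 29 14:55:03 web01 sudo:     erin : TTY=pts/4 ; PWD=/home/erin ; USER=root ; COMMAND=/bin/rootsh
EOF
}

sample_sudo_log | find_sudo_shells
```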
Rootsh Usage Examples
$ sudo rootsh
Start a logged root shell
$ sudo rootsh -u oracle
Start a logged shell in the context of user oracle.
$ rootsh -f mysession.log --no-syslog
Start a new shell for your user id, write protocol into mysession.log, do not send anything to syslog. This is identical to “script -f mysession.log”
$ sudo rootsh -i -u oracle lsnrctl stop
Run command “lsnrctl stop” as user oracle. (this will call sh -c “lsnrctl stop”)
$ sudo rootsh -i -u oracle -- ls -l
Run command “ls -l” as user oracle. (this will call sh -c “ls -l”)